Pages

Tuesday, September 16, 2008

Oracle E-Business Suite Login Integration with Corporate LDAP

Introduction

I am currently working on a new project to integrate Oracle E-Business Suite Login Information with the corporate LDAP Directory ( In our case it is the Microsoft Active Directory). This will accomplish Single Sign On (SSO) functionality for Oracle Applications. Instead of storing user login credentials in a local oracle database table, users can directly login to Oracle Applications website using their Windows NT credentials. SSOallows users login to their enterprise assets using only a single username/password across the enterprise. This eliminates the need for the user to register multiple times for multiple IT Applications, greatly increasing simplicity.

In our organization, the enterprise user credential repository is stored in the corporate LDAP directory (MS Active Directory). Oracle E-Business Suite uses OID (Oracle's LDAP) Implementation to integrate with MS Active Directory (Microsoft's LDAP Implementation). However, external users and vendors who use Applications such as iSupplier and Procurement will continue to get authenticated using the local oracle database table, because of the fact that they are not enterprise users.

Architecture

All the details are available in the Proof-of-Concept architecture diagram attached above.Click on it for the full-sized image. Currently i am still working on the Proof-of-Concept setup before finalizing the final architecture. The final architecture will have advanced features such as High Availability through Real Application Clusters for the OID database, OID LDAP Replication, Oracle AS Cluster for SSO login servers etc.

If it is an issue that you are facing, then I can help. I cannot share work related documentation. I used the Oracle documentation as the source and then added customization and other configuration/issue fixes that are relevant to our implementation.

What kind of integration you are trying to accomplish ? Is uni-directional ? i.e user syncrhonization from MS Active Directory "to" Oracle R12 (one-way). This is a complex and sensitive project and you cannot perform it in one day. For a 6000 user Oracle E-Business Suite, we completed the integration in 4 months (with a DEV, TEST and Production system).

I am not very sure about OID bundled in R12. I doubt it. I dont have access to an R12 instance now. So I cannot verify.

When you work with OID, you need SSO server also. Both of these are in Oracle Identity Management. Yes I believe you have to install these seperately in the similar architecture that I showed in this post and then follow the metalink NOTE to integrate with R12.

Is there any way to connect oracle with MS AD without really going for OID and OAM? All my read suggests that its not possible. Is there any workaround ? OAM license cost is very high for 8000 employees and it does not make sense to spend that much money.

Thanks for visiting our blog and asking the question. Can you check support.oracle.com ? Please create a service request with Oracle support specifically whether they allow MS AD integration. Many things may have changed recently regarding the Oracle Identity Management.

Introduction Have you seen your VNC Viewer showing a black screen intermittently ? We have a fix for it. This issue has been occurrin...

Copyright and Disclaimer Notice

Copyright 2007 - 2017 DBA University, Inc. All Rights Reserved. No content of this website may be reprinted or otherwise reproduced without DBA University's permission. The posts and comments in this blog are on an "AS IS" basis without warranties. Always test your changes before pushing them to a real-time system !

Oracle is a registered trademark of Oracle Corporation and/or its affiliates .Other names may be trademarks of their respective owners.